Information Security Manager - GRC
Nashville, TN, US, 37228
Applications have closed
Company / Location Information
We are one of the leading manufacturers of water heating and water treatment technologies in the world. We are a $3.9 billion company with a 150-year history, and we employ more than 12,000 individuals globally who pride themselves on providing the world with innovative water technology. We are committed to Continuous Improvement, not just in our factories or processes, but in our people.
Primary Function
The Information Security Governance, Risk, and Compliance Manager will be responsible for managing activities related to monitoring, reporting, and raising awareness regarding third-party and internal information security control risks. The focus will be on supporting the security direction of our business and elevating our company’s security posture. The Information Security Governance, Risk, and Compliance Manager will play a key role in ensuring compliance with standards and regulations while also driving information security risk awareness, management, and corporate resiliency.
Responsibilities
- Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
- Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
- Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
- Manage, evaluate and update policies and procedures as appropriate.
- Analyze findings, and document, recommend and report program gaps to security leadership.
- Manage and develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of services.
- Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
- Apply GRC expertise across key lines of business, including products, practices and procedures.
- Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes. Maintain rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.
- Work in tandem with security, audit and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
- Partner with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessments to mature monitoring and response capabilities.
- Lead and manage a team of analysts, including training, mentoring, conducting performance reviews, and exhibiting behaviors to be modeled by team members.
- Perform other duties as assigned.
Qualifications
• Bachelor’s degree in computer science or related field
• 8+ years of Information Security with a focus on governance, risk and compliance.
• Experience managing and developing people.
• Excellence in communicating business risk from cybersecurity issues.
• Experience driving measurable improvement in monitoring and response capabilities at scale.
Preferred Qualifications
• Detailed knowledge of Third-Party risk management systems and processes.
• Detailed knowledge of Information Security frameworks, such as NIST CSF or ISO
• Certification in one or more security related disciplines, such as GIAC, Security+, CISSP, or CISM.
Education
Baccalaureate in Related Field
Years of Experience
Minimum of 7 years of related work experience or training
We Offer
Competitive compensation package and comprehensive benefits plans which include medical and dental insurance, company-sponsored life insurance, retirement security savings plan, short- and long-term disability programs and tuition assistance.